Social media: Two words that would probably give most K-12 school districts a major headache. It’s almost a universal truth in education that students are prone to posting, sharing, and commenting inappropriate things online. That risk is, in and of itself, a constant struggle for school IT departments.
What’s even more concerning is that you never know what type of personal information a user might (unwittingly) be sharing with a social media platform. One social media app has taken the world by storm and raised many data protection concerns in the process.
TikTok — a popular social media app amongst students where users draft videos of themselves and share them with others — recently became the subject of a class action lawsuit. Let’s examine the data privacy settlement, what it means for your district, and why the TikTok app could be putting your school’s personal data at risk.
In late October 2022, TikTok users around the country began receiving payments from TikTok Inc. At first, many people assumed it was a scam. But, in reality, this money was the result of a lengthy litigation process — so long, in fact, that many people forgot they even submitted a claim in the first place.
Let’s take a step back for a moment and put this class action settlement into context. What, exactly, is a TikTok anyway?
In simple terms, TikTok — Musical.ly, as it used to be called — is a social media platform on which people post short-form videos or live streams for others to watch. TikTok Inc. is owned by ByteDance, a company that actually has a history of data privacy violations.
Back in 2019, ByteDance agreed to a $5.7 million settlement payment after the Federal Trade Commission (FTC) alleged the company illegally collected personal information from minors. The FTC claims the app violated the Children’s Online Privacy Protection Act (COPPA), which requires online services to obtain parental permission before collecting user data of anyone under the age of 13.
That same year, TikTok got hit with another class action lawsuit. Let’s dive into the details:
According to court documents, the plaintiffs allege TikTok Inc. illegally obtained biometric data, mined personal information from drafted videos, and improperly shared user data with third party companies, including Google and Facebook. As a class action, this case is the sum of 21 separate lawsuits, some of which were filed on behalf of children.
The suit claims that the social media app used facial recognition technology to process personal data, such as age, gender, and race to recommend content for the TikTok user. Despite maintaining its innocence, ByteDance eventually settled the case in February 2021 for $91 million. By August 2022, a judge named John Lee of the Northern District of Illinois approved the settlement.
After months of ByteDance appealing the verdict, the final appeal was dismissed in October 2022, at which point the settlement administrator began writing checks. In total, the data privacy settlement applies to about 89 million people who used the TikTok app between 2014 and September 30, 2021.
The TikTok settlement is indicative of just how dangerous a problematic third-party social media app can be for anyone, let alone a school district filled with exploitable children.
It’s not uncommon for students to create a TikTok account using a school-provided email address (in fact, our platform commonly flags this and other problematic apps). When they do, they’re opening the door for the app to gather their personal data and use it for financial gain. Beyond “TikTok Challenges” that trash bathrooms and have caused many other problems, TikTok’s challenges are two-pronged when it comes to K-12 education:
As the class action settlement proves, TikTok collects a stockpile of personal information. According to EdWeek, this includes:
What does a social media platform do with all these data points? The short answer is advertising. TikTok’s algorithm delivers interest-based ads to its users based on the type of content they consume, interact with, and share. The app also factors in other information, such as where you’re located and how old you are.
EdWeek also reports that many school districts should be concerned about how their students are participating in the TikTok community. And, importantly, if they’re accessing it using a school-provided Google account. A hallmark of the app is that users frequently participate in trending challenges. These can range anywhere from wholesome acts of kindness to risky stunts.
Unfortunately, students may be putting themselves in danger by taking part in dangerous challenges, which EdWeek says have led to fires and electrocution on campus. What’s also important to note is that some hateful trends may encourage students to engage in toxic behaviors, including bullying, hate speech, and racism.
Nowadays, the vast majority of K-12 schools operate in the cloud using either Google Workspace or Microsoft 365. However, that also means schools are at risk of cloud-based vulnerabilities if they don’t have a proper cloud security platform on their side.
Unfortunately, that’s exactly the predicament most schools are in. According to EdWeek Research, less than 20% of school cybersecurity budgets are dedicated to protecting their cloud environment. Yes, domains like Google Workspace have built-in protections, but these tools are limited. Generally, they only give you a peek into your cloud domain, whereas a proper platform takes you behind the curtain.
With a data loss prevention (DLP) tool like ManagedMethods, you can improve cloud visibility and keep tabs on your entire domain — all from a single dashboard. DLP gives you all the details you need to remove unauthorized apps, investigate risks, and mitigate them completely. You’ll know if a student opens a TikTok account using their school-provided email and exactly when they did it.